From ea50a57602f6de4ecee9daf224f3177a6848c335 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期四, 21 十一月 2024 10:17:34 +0800
Subject: [PATCH] update 优化 xss包装器 Parameter 处理 兼容某些容器不允许改参数的情况
---
ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java | 47 ++++++++++++++++++++++++++++-------------------
1 files changed, 28 insertions(+), 19 deletions(-)
diff --git a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java
index 190f94e..914e549 100644
--- a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java
+++ b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java
@@ -1,19 +1,22 @@
package org.dromara.common.web.filter;
import cn.hutool.core.io.IoUtil;
+import cn.hutool.core.map.MapUtil;
+import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.http.HtmlUtil;
-import org.dromara.common.core.utils.StringUtils;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.MediaType;
-
import jakarta.servlet.ReadListener;
import jakarta.servlet.ServletInputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
+import org.dromara.common.core.utils.StringUtils;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
import java.util.Map;
/**
@@ -32,16 +35,22 @@
@Override
public String getParameter(String name) {
String value = super.getParameter(name);
- if (value != null) {
- return HtmlUtil.cleanHtmlTag(value).trim();
+ if (value == null) {
+ return null;
}
- return value;
+ return HtmlUtil.cleanHtmlTag(value).trim();
}
@Override
public Map<String, String[]> getParameterMap() {
Map<String, String[]> valueMap = super.getParameterMap();
- for (Map.Entry<String, String[]> entry : valueMap.entrySet()) {
+ if (MapUtil.isEmpty(valueMap)) {
+ return valueMap;
+ }
+ // 閬垮厤鏌愪簺瀹瑰櫒涓嶅厑璁告敼鍙傛暟鐨勬儏鍐� copy涓�浠介噸鏂版敼
+ Map<String, String[]> map = new HashMap<>(valueMap.size());
+ map.putAll(valueMap);
+ for (Map.Entry<String, String[]> entry : map.entrySet()) {
String[] values = entry.getValue();
if (values != null) {
int length = values.length;
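Review bot: The defensive copy in getParameterMap uses `new HashMap<>(valueMap.size())` followed by `putAll`. This discards whatever iteration order the container's map had, and it forces one resize during the copy because the initial capacity equals the entry count. `Map<String, String[]> map = new LinkedHashMap<>(valueMap);` copies in one step and keeps the order (it needs a `java.util.LinkedHashMap` import). The servlet API documents the map returned by getParameterMap as immutable, so returning the fresh copy as `return Collections.unmodifiableMap(map);` would keep that contract for downstream callers. The method body continues into the next hunk, where the return statement sits.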
@@ -50,25 +59,25 @@
// 闃瞲ss鏀诲嚮鍜岃繃婊ゅ墠鍚庣┖鏍�
escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
}
- valueMap.put(entry.getKey(), escapseValues);
+ map.put(entry.getKey(), escapseValues);
}
}
- return valueMap;
+ return map;
}
@Override
public String[] getParameterValues(String name) {
String[] values = super.getParameterValues(name);
- if (values != null) {
- int length = values.length;
- String[] escapseValues = new String[length];
- for (int i = 0; i < length; i++) {
- // 闃瞲ss鏀诲嚮鍜岃繃婊ゅ墠鍚庣┖鏍�
- escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
- }
- return escapseValues;
+ if (ArrayUtil.isEmpty(values)) {
+ return values;
}
- return values;
+ int length = values.length;
+ String[] escapseValues = new String[length];
+ for (int i = 0; i < length; i++) {
+ // 闃瞲ss鏀诲嚮鍜岃繃婊ゅ墠鍚庣┖鏍�
+ escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
+ }
+ return escapseValues;
}
@Override
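Review bot: The tag-stripping loop is still written out twice, once in getParameterMap and once in getParameterValues, so a later change to the cleaning rule can land in one accessor and miss the other. For a sanitising wrapper, that leaves a parameter readable uncleaned through the accessor that was missed. A private helper shared by both removes the duplication. It also lets the map loop use `entry.setValue(...)` instead of `map.put(entry.getKey(), ...)` while iterating `map.entrySet()`, which makes clear that no structural modification happens. `HtmlUtil.cleanHtmlTag(values[i])` is called without a null check on the element; containers normally do not produce null elements, but the helper is the one place to guard if that is a concern. Only values are cleaned, and keys are copied as received, so parameter names reach callers unfiltered.

```java
// shared by getParameterValues and getParameterMap
private static String[] cleanValues(String[] values) {
    if (ArrayUtil.isEmpty(values)) {
        return values;
    }
    String[] cleaned = new String[values.length];
    for (int i = 0; i < values.length; i++) {
        // strip HTML tags and surrounding whitespace
        cleaned[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
    }
    return cleaned;
}

// … unchanged: getParameter, copy of valueMap in getParameterMap …
for (Map.Entry<String, String[]> entry : map.entrySet()) {
    entry.setValue(cleanValues(entry.getValue()));
}
return map;

@Override
public String[] getParameterValues(String name) {
    return cleanValues(super.getParameterValues(name));
}
```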
--
Gitblit v1.9.3